Pass command flags down from resolve-audit to nested npm audit fix #78
Comments
|
Thanks for reporting. My intention with the latest major version was to leave the fix command out as it's been proving less capable over time. I encourage you run the fix before resolve-audit and then supplement the fixes manually if needed, after which you run resolve-audit. Let me know if you think it makes sense to make --registry pass through to the fix command or you'd be better off running audit fix separately. |
|
Apologies for not following up earlier. Thanks for the explanation. I'll amend our process to run the fix command prior to the reolve-audit command. I think the only caveat here is that you lose your history of "fix" decisions in |
G'day,
When using
resolve-auditto resolve vulnerabilities by applying an autofix, my team has been running into an issue where CLI flags aren't passed along to the nestednpm audit fixcommand. As an example, here is the process we use:CI Build:
Execute
check-audit --omit dev --registry CUSTOM_REPO_URL--json > audit-report.jsonWhen the CI build fails at this step, a developer will come along and seek to resolve it by:
resolve-audit --omit dev --registry CUSTOM_REPO_URLnpm audit fixis then executed (note the flags have been dropped)npm audit fix --omit dev --registry CUSTOM_REPO_URLaudit-resolve.jsonto state that resolution decision was "fix" (with associated timestamp)I'm unsure whether this is expected behaviour, but these last two manual steps do become frustrating when you have to repeat them regularly. Is it possible to pass any CLI flags provided to the original
resolve-auditcall down to the nestednpm audit fix?The text was updated successfully, but these errors were encountered: